wood burning stoves 2.0*
The moose likes BEA/Weblogic and the fly likes WebLogic Security - Problems whle calling weblogic custom Authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Products » BEA/Weblogic
Bookmark "WebLogic Security - Problems whle calling weblogic custom Authentication " Watch "WebLogic Security - Problems whle calling weblogic custom Authentication " New topic
Author

WebLogic Security - Problems whle calling weblogic custom Authentication

Prasanna Kanvinde
Greenhorn

Joined: Aug 04, 2009
Posts: 3
I have created a weblogic custom authentication provider. This is packaged in a jar file called MyAuth.jar.
I have kept that jar file in WL_HOME/server/lib/mbeantypes.

I started the weblogic 10.2 server. I logged into the Admin console.
Inside Security Releam I created a new Authentication provider and selected my MyAuth Authenication provider.

Now I created a webApplication and want to call this authenication provider to authenicate the username / password of the user.

How will I call this provider through the program.

I tried using Authentication.login(username, password, request, response)
method. But I am getting some exception.
I am not able to find the exact cause of this problem.

Can someone tell me how to call this custom Authentication provider through my program?
Deepak Bala
Bartender

Joined: Feb 24, 2006
Posts: 6661
    
    5

But I am getting some exception.


What is the exception ?

Can someone tell me how to call this custom Authentication provider through my program?


Is the provider not supposed to do that on its own. Declaratively, I would expect the provider to understand my auth requirements. Example, mention the user principal, group etc in web.xml and the provider should be able to tell me through j_security_check if the user exists in the realm. Is that not what you are trying to do ?


SCJP 6 articles - SCJP 5/6 mock exams - More SCJP Mocks
Prasanna Kanvinde
Greenhorn

Joined: Aug 04, 2009
Posts: 3
I want to know whether my call Authentication.login(usename, password, request, response) is correct or not.

Or

Is there another way to call the authenticator.

Also How will Weblogic 10.2 decide which authenticator to call if I have many custom providers

I have written my program in this fashion

Sopln("Before Calling");
Authentication.login(usename, password, request, response)
Sopln("After Calling");

It prints Before calling and stops. I do not know what the exception is. I have put sopln in my provider class, these are also not getting printed.

I don't even know whether my custom provider gets called or not.

I did not find this anywhere in the BEA doc or anywhere on the internet.

I want to make sure that my provider gets called. What is the way of doing this?

Can someone please help in resolving this issue.?
Deepak Bala
Bartender

Joined: Feb 24, 2006
Posts: 6661
    
    5

It prints Before calling and stops. I do not know what the exception is. I have put sopln in my provider class, these are also not getting printed.


Did you try catching one ?

Why are you trying to explicitly call this authenticator ?

Inside Security Releam I created a new Authentication provider and selected my MyAuth Authenication provider.


You have already configured the authenticator so why not use a declarative config ?
Prasanna Kanvinde
Greenhorn

Joined: Aug 04, 2009
Posts: 3
What is a declarative config?

Do I need to call this authenticator explicitly? If not, then, what is the way to make sure that this gets called?

If I do not call this authenticator then it does not get called while login the user.

Deepak Bala
Bartender

Joined: Feb 24, 2006
Posts: 6661
    
    5

Lets say you use a LDAP authentication provider. Weblogic's job is to tell anyone asking weblogic if a particular user name and password are valid. It is the provider's job to enable the client and weblogic to understand each other. I am assuming the provider provides some interfaces that enable you to define this since I have never implemented the provider myself.

Once you assign the provider to weblogic, you can use the security based elements in web.xml to constrain a web resource and require that a user be authenticated. This in tandem with weblogic.xml can enable what you are trying to do. The web.xml file can use declarative form based authentication for example.

Here is some help for web.xml from WL 10 docs

http://edocs.bea.com/wls/docs100/webapp/web_xml.html#wp1017885

I think mapping users to principal can be done with this element in weblogic.xml (WL 10 docs)

http://edocs.bea.com/wls/docs100/webapp/weblogic_xml.html#wp1040908
N Ha
Greenhorn

Joined: Jun 02, 2010
Posts: 9
@Prasanna : Can you send us the source code or the domain's config.xml, I was trying to implement a custom authentication but it's giving me exception when server starts up

<Jun 2, 2010 9:19:32 AM EEST> <Error> <Security> <BEA-090870> <The realm "myrealm" failed to be loaded: weblogic.security.service.SecurityServiceException: com.bea.common.engine.Se
rviceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for My Authentication Trial is not specified..

I don't understand what the problem is, I have already placed the jar file in WL_HOME/server/lib/mbeantypes
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: WebLogic Security - Problems whle calling weblogic custom Authentication